1 / 13

Data Management Planning for Secure Services (DMP-SS)

Data Management Planning for Secure Services (DMP-SS). † Tito Castillo, † Stelios Alexandrakis , † Anthony Thomas, † Michael Waters, *Phil Curran, *Kevin Garwood † UCL Institute of Child Health *MRC Unit for Lifelong Health and Ageing. DMP-SS Data Management Planning for Secure Services.

bandele
Download Presentation

Data Management Planning for Secure Services (DMP-SS)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Management Planning for Secure Services (DMP-SS) †Tito Castillo, †SteliosAlexandrakis, †Anthony Thomas, †Michael Waters, *Phil Curran, *Kevin Garwood †UCL Institute of Child Health *MRC Unit for Lifelong Health and Ageing

  2. DMP-SSData Management Planning for Secure Services The Digital Curation Centre has developed DMPOnline to assist researchers with the design of structured and standardised data management plans. Data management planning involves consideration and application of effective information security. Question: Can we harness aspects of DMPOnline to assist with the establishment of a formal Information Security Management System (ISMS)?

  3. Summary • The project seeks to develop an Information Security Management System (ISMS) • ISO-27001:2005 • ISMS designed to operate with a local registry of data management plans • Health and social science surveys are standardising on DDI as the method for metadata representation • Local DMP registry will extend DDI top accommodate the DMPOnline checklist.

  4. Information Security Management Systems • International standard for information security • ISO-27001:2005 • Describes requirements (i.e. what you ‘shall’ do) • Independently audited • Associated code of practice • ISO-27002:2005 • Provides guidance (i.e. what you ‘should’ do) • An ISMS is dynamic

  5. Objectives • Extend DMPOnline checklist through a formal object model for data management planning • Create a local DMP repository service by extension of the DDI 3.x standard to accommodate elements of the DMP object model. • Develop suitable web-services from the local DMP repository to allow for search and retrieval of data management plans contained within the repository • Develop the necessary functional components for an ISO-27001 compliant ISMS • asset and risk registers • controls and assurance records • document management system

  6. DMP-SS ProjectData Management Planning for Secure Services

  7. DMPOnline Checklist The DMPOnline checklist provides a taxonomy of questions relating to the planned use of dataassets within a research project

  8. ISO 27001 controls taxonomy The standard proposes a taxonomy of controls and associated assurance mechanisms that may be applied by an organisation to reduce the risk to specified information assets.

  9. Information Security Management System (ISMS) Development PLAN DO ACT CHECK Management Support Compliance Review Corrective Action Define ISMS Scope Create ISMS Stage 1 Audit Create Asset Register ISMS Implementation Programme Stage 2 Audit Risk Assessment Risk Treatment Plan Corrective Action Procedure ISO-27001 Certification ISMS Statement of Applicability

  10. Relationship between DMP and ISMS Data Management Plan Information Security Management System

  11. What is DDI? • Data Documentation Initiative (DDI) • XML metadata specification • Describes the study, datasets, supporting docs & other external resources • DDI Alliance • DDI version 1.0-2.1 • focus is on the archive / preservation / dissemination • Has been around since 2000. • Widely used and tools available • DDI version 3.0-3.1 • Encompasses the entire survey life cycle • Initial version released in 2009. • Early adoption stage and tools in development

  12. DDI ‘life-cycle’ standard Metadata descriptors of data management process. ….. from conceptualisation through to archival.

  13. Project Workpackages • Adaptation of DMP Online • DCC develop web service API • DDI Repository development • Metadata Technology develop formal model of DMP and extend DDI repository • Risk assessment tool development • ICH develop ISMS (database and document management system) • Stakeholder Engagement • Pilot studies • Reporting

More Related